Comments (21)
@Furragen what is the command you use to do this manually today?
from netapp.ontap.
The process of configuring S3 via the cli can be a little bit complex, depending on your use case.
It is documented here: https://docs.netapp.com/us-en/ontap/pdfs/sidebar/S3_configuration_with_the_CLI.pdf
If you want, I can outline how I would do it at the moment, but that may not apply to others possibly using the modules.
from netapp.ontap.
@Furragen i think that is covered in the Object_store module (https://docs.ansible.com/ansible/devel/collections/netapp/ontap/na_ontap_object_store_module.html#ansible-collections-netapp-ontap-na-ontap-object-store-module)
This module maps to the cloud/target rest API.
https://library.netapp.com/ecmdocs/ECMLP2879871/html/#/cloud/cloud_target_create
Let me double check with the rest of the team though
from netapp.ontap.
Ok i talked with the team look like Object_store should cover things up until page 19.
We'll need 2 new modules to cover
- /protocols/s3/buckets -- https://library.netapp.com/ecmdocs/ECMLP2879871/html/#/object-store/s3_bucket_create
- /protocols/s3/services --https://library.netapp.com/ecmdocs/ECMLP2879871/html/#/object-store/s3_service_create
I'll go ahead and create internal stories for these.
from netapp.ontap.
I have Stories
- DEVOPS-4805
- DEVOPS-4806
open for these 2 new modules.
from netapp.ontap.
Hi @carchi8py ,
thanks for the feedback.
I was under the impression that the Object_store-module is used to configure external objectstores for storage tiering.
So thanks for the clarification.
Looking forward to the new modules.
from netapp.ontap.
@Furragen could you let me know if the new s3_bucket module address what was currently missing?
https://docs.ansible.com/ansible/devel/collections/netapp/ontap/na_ontap_s3_buckets_module.html#ansible-collections-netapp-ontap-na-ontap-s3-buckets-module
from netapp.ontap.
Hi @carchi8py ,
thanks for working on this and creating the new module so fast!
I will try to check it out asap.
from netapp.ontap.
So, I started to write a playbook to test this out today, but I still am stuck with the Object_store-Module.
The docs say, I have to create a object-store-server (page 20 at the bottom and following).
I was under the impression that I would do that with the Object_store-Module. But this module does not seem to have a parameter to set the vserver to create the object-store-server in.
Did I miss something here or do I read the docs of the module wrong?
Just to test the new bucket-module I did the creation of a object-store-server via the cli and then used Ansible to create a bucket, which worked fine.
But would I not also need a module to create S3-users?
Also, on the cli I can specify the size of the bucket in GB/TB/PB. Would it be possible to get this in the module as well?
Thank you for your work, this looks very promising!
from netapp.ontap.
Let me look in to this. Our modules use the REST API which is rather different than the CLI
Look like our module which is using /protocols/s3/buckets/ cover page 22 onwards https://library.netapp.com/ecmdocs/ECMLP2882307/html/index.html#/object-store/s3_bucket_create
and I think page 20 is /protocols/s3/services (https://library.netapp.com/ecmdocs/ECMLP2882307/html/index.html#/object-store/s3_service_create).
It looks like /protocols/s3/buckets will auto create a /protocols/s3/services in an enabled state when called. But let me double check
With that said we will need modules for creating groups and users.
from netapp.ontap.
I just tested your theory regarding the auto creation of a object-store-server on creation of a bucket.
It does not seem to work that way.
The bucket is created, but the vserver does not add s3 to its protocols and no object-store-server is created.
from netapp.ontap.
Thank i came to the same conclusion after talking to a few ONTAP people
- Story 5110 for Service
- Story 5111 For S3/Users
- Story 5112 for S3/Groups
- Story 5113 for an S3 role (to group everything together)
from netapp.ontap.
@Furragen story 5110 and 5111 made it in this month's release.
So you should be able to use bucket to create the buckets-- https://docs.ansible.com/ansible/devel/collections/netapp/ontap/na_ontap_s3_buckets_module.html#ansible-collections-netapp-ontap-na-ontap-s3-buckets-module
- Users to create the users -- https://docs.ansible.com/ansible/devel/collections/netapp/ontap/na_ontap_s3_users_module.html#ansible-collections-netapp-ontap-na-ontap-s3-users-module
- service to create the service (and attach the users and buckets to it)
https://docs.ansible.com/ansible/devel/collections/netapp/ontap/na_ontap_s3_services_module.html#ansible-collections-netapp-ontap-na-ontap-s3-services-module
I'm working on getting group in the next release (for july) and a role that will put all these steps together so you don't need have have 4 different plays.
from netapp.ontap.
Sorry for coming back late to this issue, I will try to test this as soon as possible.
Looks very promising :)
Thanks a lot!
from netapp.ontap.
So, I have been able to test the modules and they work as expected 👍
Just one thing: if I create a s3-user via the module, I have to login to the netapp, get advanced privileges and show the user on the cli to get the secret key. Is that correct or is there another way to get to the secret key?
I guess it would be convenient to have the secret key as a return value to be able to write it a vault or something.
from netapp.ontap.
@Furragen I'll add a new story to return that.
I'll return the secret key (does the access key is also needed)?
from netapp.ontap.
Yes, the access key would also be needed, thanks.
from netapp.ontap.
Hi @carchi8py ,
where are you on this?
from netapp.ontap.
As part of the 21.21.0 release, we should have everything in place (last month release)
- na_ontap_s3_groups and policies were added
- na_ontap_s3_users returns the secret_key and access_token on user creation
and a few bug we found in buckets was fixed
https://github.com/ansible-collections/netapp.ontap#21210
The only story I have left open was to make a role for S3 for all the s3 tasks to be grouped together.
from netapp.ontap.
Has the group-module some sort of different requirements?
All other modules work fine, but no matter how simple my approach to the group-module is, I always end up getting this error:
ansible_collections/netapp/ontap/plugins/modules/na_ontap_s3_groups.py\", line 151, in get_s3_groups\nTypeError: 'NoneType' object is not iterable\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1
This is of course not the complete output, but before that its just paths to the files of Ansible and warnings regarding ssl.
To me this looks like Ansible is trying to get the s3-groups in the vserver but is unhappy with what it is getting returned.
Any ideas?
Is Python 3.8 maybe too old for this?
from netapp.ontap.
Sorry, that one was on me. Needed to look at my code again.
From my point of view this is now done.
Thanks again for your work! :)
from netapp.ontap.
Related Issues (20)
- Current version pushed to Ansible Galaxy has typo in `/netapp/ontap/plugins/modules/na_ontap_s3_users.py` HOT 33
- na_ontap_igroup_initiator fail after second run HOT 3
- Metrocluster Switchover -Simulate true HOT 2
- na_ontap_s3_service module or na_ontap_svm module needs to return access key and secret key HOT 3
- "owning_resource" in na_ontap_rest_info HOT 2
- na_ontap_interface feature_flags not working HOT 2
- It is not possible to set the audit file rotation to a schedule HOT 6
- Error in na_ontap_nfs HOT 2
- SVM Provisioning with 'workgroup' requires ZAPI instead of REST HOT 1
- Missing Modules After Install netapp.ontap Collection HOT 1
- na_ontap_cifs_server - support for multichannel and max-connections HOT 2
- na_ontap_cifs - add support for offline_files property HOT 4
- deleting qtrees with many files has no success. HOT 4
- Autonomous Ransomware Protection change status HOT 1
- Trying to break the snapmirror throws error if primary cluster is not available HOT 3
- Add snapshot locking to na_ontap_volume & na_ontap_snapshot_policy HOT 1
- Installing multiple intermediate certificates in na_ontap_security_certificates
- Add support for activity_tracking HOT 1
- Snapmirror-Resync fails on different Ontap-versions HOT 1
- na_ontap_broadcast_domain doesnt correctly modifying a broadcast domain's ports using REST HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from netapp.ontap.